Pergunta
I am trying to create a "heartbeat" page on my ASP.NET MVC 4 system, so we can check on an automated basis that everything is working OK. All it's going to do is run a simple query on the DB and make sure no exception is thrown, in which case it'll return Json "success", otherwise it'll return the exception message.
The rest of the system is protected by Forms authentication:
https://stackoverflow.com/questions/20377015
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian<authentication mode="Forms">
<forms name=".ADAuthCookie2" loginUrl="~/Account/Login" timeout="60" slidingExpiration="true" />
</authentication>
...
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
But obviously I don't want to force authentication for a heartbeat check. So I've created a HeartBeatController, and tagged both the controller and the Index() method with [AllowAnonymous] - but still, when I try to access the /HeartBeat url, I get redirected to the login page.
What am I missing?
Solução
You'll have to remove the
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
as I believe the AllowAnonymous attribute won't override that.
UPDATE
You'll have to add an Authorize attribute to the controllers, or as the following article mentions, you can set it in GlobalFilters
